[4875] in Kerberos
Kerberos design limitation in multiuser evnironments?
daemon@ATHENA.MIT.EDU (Paul Muller)
Mon Mar 27 21:51:14 1995
To: kerberos@MIT.EDU
Date: Mon, 27 Mar 1995 22:11:56 GMT
From: pmuller@PROBLEM_WITH_INEWS_GATEWAY_FILE.MIT.EDU (Paul Muller)
I have recently been reading "Practical Unix Security" and in the section on
Kerberos he mentions the design limitation which effectively means that
users may not log onto a Kerberos workstation as this allows fraudulent
service to be obtained. (heavily paraphrased, but I hope not butchered)
The authors (Spaf et al) cite MIT as having switched rlogin/telnet access off
for all workstations to circumvent attacks.
Can someone please explain if this is still the case and why, the book is
somewhat opaque on this (in five pages, what can you expect?)
tia,
ptm